Jackpotting

ATM machines across the country are being targeted by a wave of criminals in search of an illegal high-tech payday. The Secret Service calls this phenomenon “jackpotting,” and are warning U.S. bank attacks are imminent.

It’s a modern day version of a bank robbery, but no weapons are used — only malware, a small device or two and a special key that can be purchased on the Internet. When cyberattackers take control of the machine, cash spews out of the ATM like a Las Vegas jackpot.

It’s a crime that Paulo Shakarian, an entrepreneurial professor at Arizona State University’s School of Computing, Informatics and Decision Systems Engineering, is quite familiar with. Shakarian directs the Cyber-Socio Intelligent System Laboratory for the university, which specializes in cybersecurity, social network analysis and artificial intelligence. Additionally, he is the CEO of CYR3CON, which creates software that uses machine learning to find actionable intelligence for cybersecurity.

“Jackpotting” got its start in Asia, Europe and Central America and has taken a year to reach the U.S.

Shakarian said there are factors that point to why a certain type of attack affects one company/country/locale and not another. These include:

Is there local hacker expertise relevant to a certain ATM model to make the attack profitable? For any attack to occur, there has to be a hacker who understands the target system and enough of the target system to make it worthwhile.
Are there other attacks that are more profitable or less risky? While jackpotting was previously not seen in the U.S., credit card skimming was very popular, and this can provide better profits (a credit card skimmer can capture hundreds of cards before going detected) and lower risk (i.e. not every device accepting a credit card has a camera watching).

He explained cybercrimes are cyclical because of an inherent cat-and-mouse nature.

“When a certain attack gets popular, more people start to do it. We see this repeatedly with hacker communities on the dark web latching on to recent exploits and malware. Then, once the popularity reaches a certain level, more and more network defenders put in protective measures. This in turn makes the attack less profitable, so the hackers move on to the next thing,” said Shakarian.

Consumer information isn’t likely at risk with this particular crime, he added.

“Jackpotting deals with affecting the local machine and tricking it to disperse money—not money that is connected to a given account. However, a related attack called skimming does involve stealing personal information,” Shakarian said.

Recently, Connecticut police say they found more than $9,000 in $20 bills when they arrested two men suspected in an ATM “jackpotting” scheme.

The Hartford Courant reports security personnel at a Citizens Bank branch in Cromwell called authorities Jan. 27 after observing the men working on the machine while dressed as ATM technicians.

Officers arrived just as the ATM began to spew $20 bills. Police arrested 31-year-old Alex Alberto Fajin-Diaz, a Spanish citizen, and 21-year-old Argenys Rodriguez, of Springfield, at the scene.

The Secret Service had previously warned New England financial institutions that jackpotters may be arriving to the area. Officials say the crime involves installing malicious software or hardware at ATMs, forcing the machine to release as much as $50,000.

Fajin-Diaz and Rodriguez have been charged with federal bank fraud.

He explained the best long-term solution to combating these attacks to gain information on hacker plans via places like the dark web, “as it allows us to understand where they are headed in terms of target selection.”

Source: Arizona State University and the Associated Press contributed to this article.
This article is a repost from Claims Journal and can be found here.